Unwrapping the Message

After accepting the context, the sign_server() receives
the message that has been sent by the client. Because the GSS-API does not
provide a function for receiving tokens, the program uses the recv_token() function:

if (recv_token(s, &xmit_buf) < 0)
return(-1);

Because the message might be encrypted, the program uses the GSS-API
function gss_unwrap() for unwrapping:

gss_unwrap() takes the message that recv_token() has placed in xmit_buf, translates
the message, and puts the result in msg_buf. Two
arguments to gss_unwrap() are noteworthy. conf_state is a flag to indicate whether confidentiality, that is, encryption,
has been applied to this message. The final NULL indicates that the program
does not need to know that the QOP that was used to protect the message.